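<?php
	/*
	 * Build the "../" prefix that leads from this script's directory back up to
	 * the application root, so the mvz-config includes below resolve no matter
	 * how deep the module sits in the tree.
	 *
	 * The depth is taken from SCRIPT_NAME (the path of the script PHP is actually
	 * executing) rather than from the raw request line: REQUEST_URI is
	 * client-supplied and may carry a query string, PATH_INFO or duplicated
	 * slashes, each of which would add spurious "../" levels to a path that is
	 * then handed to include(). When the SAPI does not populate SCRIPT_NAME we
	 * fall back to the path component of REQUEST_URI only.
	 * NOTE(review): deployments that route this file through a rewrite front
	 * controller should confirm SCRIPT_NAME still reflects the include base.
	 */
	if (isset($_SERVER['SCRIPT_NAME']) && $_SERVER['SCRIPT_NAME'] !== '') {
		$uri = $_SERVER['SCRIPT_NAME'];
	} else {
		$raw_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
		$path = parse_url($raw_uri, PHP_URL_PATH);
		$uri = ($path === false || $path === null) ? '' : $path;
	}
	$uri_var = explode('/', $uri);

	$count = count($uri_var);

	// "/a/b/c.php" explodes into 4 parts ("", "a", "b", "c.php") and needs two
	// levels up, hence count - 2. Guard the subtraction: str_repeat() does not
	// accept a negative count, whereas the original loop simply produced "".
	$dot = ($count > 2) ? str_repeat('../', $count - 2) : '';
?>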
<?php include($dot.'mvz-config/system/begin.php'); ?>
<?php include($dot.'mvz-config/system/session_start.php'); ?>
<?php include($dot.'mvz-config/system/session.php'); ?>
<?php
	/* Start Process */
	
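	// Where the browser is sent afterwards: the referring page with its query
	// string dropped. HTTP_REFERER is client-supplied and may be missing
	// (direct request, privacy settings), so default to "" rather than raising
	// an undefined-index notice; an empty value yields a bare "Location: ".
	$http_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	$referer = explode("?", $http_referer);
	$url_referer = $referer[0];

	// Get User Info
	// Module and actor context for the privilege check. Each field is read from
	// POST, trimmed and passed through sql_quote() (the escaping helper provided
	// by the included system files); an absent field becomes "".
	$modid       = isset($_POST['process_module_id'])       ? sql_quote(trim($_POST['process_module_id']))       : "";
	$modname     = isset($_POST['process_module_name'])     ? sql_quote(trim($_POST['process_module_name']))     : "";
	$modsubid    = isset($_POST['process_module_sub_id'])   ? sql_quote(trim($_POST['process_module_sub_id']))   : "";
	$modcategory = isset($_POST['process_module_category']) ? sql_quote(trim($_POST['process_module_category'])) : "";
	$type        = isset($_POST['process_type'])            ? sql_quote(trim($_POST['process_type']))            : "";
	$user        = isset($_POST['process_userin'])          ? sql_quote(trim($_POST['process_userin']))          : "";
	$usrgrp      = isset($_POST['process_usergroup'])       ? sql_quote(trim($_POST['process_usergroup']))       : "";
	$date        = isset($_POST['process_datein'])          ? sql_quote(trim($_POST['process_datein']))          : "";

	// NOTE(review): the actor identity ($user / $usrgrp) is supplied by the
	// client rather than read from $_SESSION, so a caller can assert any
	// user/group at this point; confirm that check_user_module_process_privilege()
	// (defined outside this file) cross-checks these values against the session.
	$isValid = check_user_module_process_privilege($user, $usrgrp, $modcategory, $modid, $modsubid, $type);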
	
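	if($isValid)
	{
		// Target-user fields: trimmed and escaped with sql_quote() like the actor
		// fields above; an absent field becomes "".
		$PK_id      = isset($_POST['txt_user_PK_id'])          ? sql_quote(trim($_POST['txt_user_PK_id']))          : "";
		$group      = isset($_POST['txt_user_group'])          ? sql_quote(trim($_POST['txt_user_group']))          : "";
		$name       = isset($_POST['txt_user_name'])           ? sql_quote(trim($_POST['txt_user_name']))           : "";
		$activate   = isset($_POST['rdo_user_activate'])       ? sql_quote(trim($_POST['rdo_user_activate']))       : "";
		$chgpass    = isset($_POST['rdo_user_chgpass'])        ? sql_quote(trim($_POST['rdo_user_chgpass']))        : "";
		$password   = isset($_POST['txt_user_password_new'])   ? sql_quote(trim($_POST['txt_user_password_new']))   : "";
		$password_c = isset($_POST['txt_user_password_new_c']) ? sql_quote(trim($_POST['txt_user_password_new_c'])) : "";

		// userid, usergroupid, userstatus and userin/userup are spliced into the
		// statements below without surrounding quotes, so quote-escaping alone
		// does not constrain them (a value such as "1 or 1=1" survives
		// sql_quote()). Cast to int so only a number can reach the query text.
		$userId  = (int)$PK_id;
		$groupId = (int)$group;
		$status  = (int)$activate;
		$actorId = (int)$user;

		// Current row of the target user. For ADD there is no PK and the lookup
		// is empty; that is harmless because only the EDIT/DELETE audit lines
		// read the stored username. Note the lookup also filters on the group
		// posted by the form, so an EDIT that changes the group finds no row.
		$sql3 = "select * from ms_user where stsrc = 'A' and userid = '".$userId."' and usergroupid = ".$groupId." ";
		$exe3 = mysql_query($sql3) or die(mysql_error());
		$row3 = mysql_fetch_array($exe3);
		$currentName = (is_array($row3) && isset($row3['username'])) ? $row3['username'] : "";

		$isValid2 = true;
		// A new password must match its confirmation: always on ADD, and on
		// EDIT only when the "change password" radio (chgpass) is 1.
		if (($type == "ADD" && $password != $password_c) || ($type == "EDIT" && $chgpass == 1 && $password != $password_c))
		{ $isValid2 = false; }

		// validate cannot set usergroup same or greater than current usergroupid
		// Fail closed when the session carries no usergroupid: the original
		// string-vs-null comparison silently passed this check in that case.
		// NOTE(review): the value compared is $usrgrp (the POSTed actor group),
		// not $group (the target user's new group) that the comment describes;
		// confirm which one is intended.
		if (!isset($_SESSION['usergroupid']) || $usrgrp <= $_SESSION['usergroupid'])
		{ $isValid2 = false; }

		// Build the statement for the requested process type. $sql stays null
		// when validation failed or the type is unknown; previously an unknown
		// type reached mysql_query() with no statement and died on the MySQL
		// error instead of being handled as a rejected request.
		$sql = null;
		$string_log = "";
		$string_msg = "";
		if($isValid2)
		{
			if($type == "ADD")
			{
				// NOTE(review): md5() is not an acceptable password hash, and the
				// value hashed is the sql_quote()-escaped password. Both are kept
				// only because the login path (outside this file) must verify the
				// same scheme; migrate both sides together to password_hash() /
				// password_verify().
				$sql = "insert into ms_user (username, password, usergroupid, userstatus, userin, datein, stsrc)
						values ('".$name."', '".md5($password)."', '".$groupId."', ".$status.", ".$actorId.", '".$date."', 'A')
					";

				$string_log = "Add data User ".$name." ";
				$string_msg = "Data ".$name." succesfully added";
			}
			else if($type == "EDIT")
			{
				// NOTE(review): chgpass == 1 is validated above, but this UPDATE
				// never writes the password column — confirm whether another
				// module performs the actual password change.
				$sql = " update ms_user ";
				$sql .= " set 	usergroupid = '".$groupId."',
								username = '".$name."',
								userstatus = '".$status."',
								userup = ".$actorId.",
								dateup = '".$date."'
						";
				$sql .= " where userid = ".$userId." and stsrc = 'A'
						";
				$string_log = "Edit data User ".$currentName." ";
				$string_msg = "Data ".$name." succesfully changed";
			}
			else if($type == "DELETE")
			{
				// Soft delete: the row is flagged stsrc = 'D' rather than removed.
				$sql = " update ms_user ";
				$sql .= " set 	stsrc = 'D',
								userup = ".$actorId.",
								dateup = '".$date."'
						";
				$sql .= " where userid = ".$userId." and stsrc = 'A'
						";

				$string_log = "Delete data User ".$currentName." ";
				$string_msg = "Data ".$name." succesfully deleted";
			}
		}

		if($sql !== null)
		{
			mysql_query($sql) or die(mysql_error());

			// NOTE(review): $string_msg embeds the SQL-escaped $name, not an
			// HTML-escaped one; whatever renders the session message must escape
			// it for its output context. The redirect target is the client's
			// Referer (see above), and as in the original the script continues
			// into end.php afterwards rather than exiting.
			addLogByUsername($string_log);
			setSessionMsg($string_msg);
			header("Location: ".$url_referer);
		}
		else
		{
			addLogByUsername($isValid2
				? "Access Denied : Management User Unknown Process Type"
				: "Access Denied : Management User Invalid Validation");
			setSessionErr();
			setSessionMsg("Access denied");
			header("Location: ".$url_referer);
			die();
		}
	}
	else
	{
		// Privilege check failed: log, flag the session and bounce back. As on
		// the success path there is no exit here, so end.php still runs.
		addLogByUsername("Access Denied : Management User Invalid");
		setSessionErr();
		setSessionMsg("Access denied");
		header("Location: ".$url_referer);
	}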
	
	
	/* End Process */
?>
<?php include($dot.'mvz-config/system/end.php'); ?>